K8S-集群-证书更新
1、证书有效期查询
shell
kubeadm certs check-expiration
2、当前证书备份
shell
cp -pr /etc/kubernetes /etc/kubernetes.bak
cp -pr /var/lib/etcd /var/lib/etcd.bak
3、执行证书更新
shell
kubeadm certs renew all
4、服务重启生效
shell
docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' |awk -F ' ' '{print $1}' |xargs docker restart
5、客户端证书自动更新
shell
/etc/kubernetes/kubelet.conf
/var/lib/kubelet/config.yaml
rotateCertificates: true
6、更新kubeconfig
shell
mv ~/.kube ~/.kube.bak
mkdir ~/.kube
cp /etc/kubernetes/admin.conf ~/.kube/config